deps: bump the prod-deps group with 2 updates

[dependabot]

Bumps the prod-deps group with 2 updates: jupyterlab and jupytext.

Updates jupyterlab from 4.5.6 to 4.5.7

Release notes

Sourced from jupyterlab's releases.

v4.5.7

4.5.7

(Full Changelog)

Security patches

• CVE-2026-42557 GHSA-mqcg-5x36-vfcg
• CVE-2026-42266 GHSA-37w4-hwhx-4rc4
• CVE-2026-40171 GHSA-rch3-82jr-f9w9

Bugs fixed

• Video and Audio Content Providers: Fix JupyterLite support #18652 (@​martinRenou)
• Fix notebook hang when dropping cells #18808 (@​MUFFANUJ)
• Fix Contextual Help keyboard shortcut reliability and menu Help functionality #18747 (@​itsmejay80)
• Fix focusing input element when opening a dialog from Command Palette #18735 (@​Carreau)
• Fix native context menu blocked even when context menu is suppressed #18753 (@​utsav-develops)
• Fix flaky toolbar item placement in popup #18618 (@​filipeoliveira05)
• Update terminal default font family to honor macOS system-wide ui-monospace #18647 (@​flaviomartins)

Maintenance and upkeep improvements

• Fix linting issue #18819 (@​krassowski)
• Fix syntax for Python 3.9 on 4.5.x branch #18817 (@​krassowski)
• Remove unused CodeMirror v5 CSS rule #18785 (@​Carreau)
• Remove unused CSS rule forgotten after CodeMirror migration #18763 (@​Carreau)
• Remove unused progress bar CSS rule in execution indicator #18759 (@​Carreau)
• Remove dead .jp-VariableRenderer-TrustButton CSS rule #18762 (@​Carreau)
• Remove used .jp-Cell-Placeholder CSS rules #18761 (@​Carreau)

Documentation improvements

• Fix name of option for extension manager implementation in docs #18788 (@​krassowski)
• Remove 4.5.0 announcement from docs #18740 (@​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​Carreau (activity) | @​filipeoliveira05 (activity) | @​flaviomartins (activity) | @​itsmejay80 (activity) | @​jtpio (activity) | @​krassowski (activity) | @​martinRenou (activity) | @​MUFFANUJ (activity) | @​utsav-develops (activity)

Commits

• f514041 [ci skip] Publish 4.5.7
• 66fe9ad Backport PR #18652 on branch 4.5.x (Video and Audio Content Providers: Fix Ju...
• f4455fa Fix syntax for Python 3.9 on 4.5.x branch (#18817)
• d2322b5 Backport PR #18819 on branch 4.5.x (Fix linting issue) (#18820)
• 5d9cb8c Merge commit from fork
• 1de120b Merge commit from fork
• 6926100 Backport PR #18808 on branch 4.5.x (Fix notebook hang when dropping cells) (#...
• 67e6e88 Backport PR #18647 on branch 4.5.x (Update default font family to honor macOS...
• bf21eb9 Backport PR #18747 on branch 4.5.x (Fix Contextual Help keyboard shortcut rel...
• 73cafa5 Backport PR #18788 on branch 4.5.x (Fix name of option for extension manager ...
• Additional commits viewable in compare view

Updates jupytext from 1.19.1 to 1.19.2

Release notes

Sourced from jupytext's releases.

Version 1.19.2

Fixed

• Trusted notebooks remain trusted after jupytext --sync (#1505)
• We have fixed the homepage link in package.json. Thanks to Michał Krassowski for making this PR (#1494)
• Thanks to Brigitta Sipőcz for fixing a broken link in our CLI (#1428)
• The --quiet flag now suppresses the creating missing directory warning when writing to a path that includes a prefix (#1533)

Changed

• The CI workflow has been restructured to maximize parallelization. All test suites (pip, conda, UI) and the build step now run concurrently after pre-commit checks, instead of sequentially, reducing CI times (#1527)
• We have skipped the tests that involve jupyterfs on Python 3.12+ as they started failing on the CI with no obvious way to fix them (#1509)
• We have changed the configuration of Dependabot to get grouped dependency updates for our JupyterLab extension.
• We have merged a series of Dependabot security updates: #1516, #1517, #1519, #1520, #1522, #1524

Changelog

Sourced from jupytext's changelog.

1.19.2 (2026-05-10)

Fixed

• Trusted notebooks remain trusted after jupytext --sync (#1505)
• We have fixed the homepage link in package.json. Thanks to Michał Krassowski for making this PR (#1494)
• Thanks to Brigitta Sipőcz for fixing a broken link in our CLI (#1428)
• The --quiet flag now suppresses the creating missing directory warning when writing to a path that includes a prefix (#1533)

Changed

• The CI workflow has been restructured to maximize parallelization. All test suites (pip, conda, UI) and the build step now run concurrently after pre-commit checks, instead of sequentially, reducing CI times (#1527)
• We have skipped the tests that involve jupyterfs on Python 3.12+ as they started failing on the CI with no obvious way to fix them (#1509)
• We have changed the configuration of Dependabot to get grouped dependency updates for our JupyterLab extension.
• We have merged a series of Dependabot security updates: #1516, #1517, #1519, #1520, #1522, #1524

Commits

• 309f97f Version 1.19.2 (#1529)
• e4dded4 build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /jupyterlab/packages/...
• 2c262e5 Fix: --quiet also suppresses warning for directory creation (#1526)
• 0bfcec1 build(deps): bump fast-uri from 3.1.0 to 3.1.2 in /jupyterlab (#1524)
• 611e2c0 Explicitly close NotebookNotary signature store (#1528)
• 70b1f20 All tests run after coverage tests have passed (#1527)
• 399e934 Close SQLite database connections of Jupytext-created notaries
• a657271 jupytext --sync preserves trusted notebooks
• 9e0054e build(deps): bump flatted from 3.3.3 to 3.4.2 in /jupyterlab (#1495)
• c578b2a build(deps): bump ip-address from 10.1.0 to 10.2.0 in /jupyterlab (#1520)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions